ansible
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill is centered around executing system-wide configuration changes with root privileges using the Ansible `become` feature. While functional for its stated purpose, it provides a high-privilege execution environment for any commands contained within playbooks.
- [COMMAND_EXECUTION] (MEDIUM): Documentation in `references/ansible-runbook.md` and logic in `scripts/run-playbook.sh` suggest or implement disabling SSH host key validation (`ANSIBLE_HOST_KEY_CHECKING=False` and `-o StrictHostKeyChecking=accept-new`). This practice bypasses a core SSH security control and makes the connection susceptible to Man-in-the-Middle (MITM) attacks.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes local inventory files and playbooks which serve as the source of truth for operations. If these files are manipulated by an external actor, the agent may unknowingly execute unauthorized changes on the infrastructure.
  - Ingestion points: `ansible/inventory/hosts.ini` and playbook files in `ansible/playbooks/`.
  - Boundary markers: Absent; commands are executed based on the contents of the structured YAML/INI files.
  - Capability inventory: Execution of `ansible` and `ansible-playbook` with sudo permissions via `scripts/run-playbook.sh`.
  - Sanitization: None detected for the input variables used to construct the command line in `scripts/run-playbook.sh`.
Audit Metadata